package com.entrust.identityGuard.mobilesc.sdk;

import android.content.Context;
import android.content.Intent;
import android.content.res.AssetManager;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Build;
import com.entrust.identityGuard.mobilesc.sdk.btprotocol.EntBTSessionOptions;
import com.entrust.identityGuard.mobilesc.sdk.model.OptionsStore;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.i18n.ErrorBundle;
import org.conscrypt.JSSEProvider;
import org.conscrypt.OpenSSLProvider;

/* loaded from: classes.dex */
public class SmartCredentialSDK {
    public static final String APP_NAME = "SmartCredentialSDK";
    public static final int CARD_AUTH = 3;
    public static final int CARD_HOLDER_FACIAL_IMAGE = 4;
    public static final int DIGITAL_SIGN = 1;
    public static final int ENCRYPT = 2;
    public static final int LOG_LEVEL_DEBUG = 4;
    public static final int LOG_LEVEL_ERROR = 1;
    public static final int LOG_LEVEL_INFO = 3;
    public static final int LOG_LEVEL_OFF = 0;
    public static final int LOG_LEVEL_WARNING = 2;
    public static final int PIV_AUTH = 0;
    public static final int RETIRED_CERTS = 5;
    private static boolean a = false;
    private static com.entrust.identityGuard.mobilesc.sdk.crypto.android.b b = null;
    private static String c = null;
    private static int d = 1;
    private static CommCallback e = null;
    private static boolean f = true;
    private static boolean g;
    private static boolean h;
    private static com.entrust.identityGuard.mobilesc.sdk.version.a i;
    private static String j;

    /* loaded from: classes.dex */
    public static class a {
        public static String a(byte[] bArr) {
            return a(bArr, 16);
        }

        public static String a(byte[] bArr, int i) {
            if (bArr == null) {
                return null;
            }
            return new BigInteger(1, bArr).toString(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class c {
        private c() {
        }

        public ArrayList<String> a(e eVar) {
            ArrayList<String> arrayList = new ArrayList<>();
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(eVar.b).getInputStream()));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        arrayList.add(readLine);
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
                return arrayList;
            } catch (Exception unused) {
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class d extends AsyncTask<Void, Void, Void> {
        private Context a;

        d(Context context) {
            this.a = context;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Void doInBackground(Void... voidArr) {
            com.entrust.identityGuard.mobilesc.sdk.credential.z.a(this.a);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum e {
        check_su_binary(new String[]{"/system/xbin/which", "su"});

        String[] b;

        e(String[] strArr) {
            this.b = strArr;
        }
    }

    private static synchronized void a(Context context) {
        synchronized (SmartCredentialSDK.class) {
            if (b == null) {
                try {
                    com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a(context);
                    b = com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a();
                } catch (Exception e2) {
                    com.entrust.identityGuard.mobilesc.sdk.util.a.a(APP_NAME, "Failed to initialize DeviceKeyManager. ", e2);
                }
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static void a(InputStream inputStream, File file) throws IOException {
        FileOutputStream fileOutputStream;
        try {
            fileOutputStream = new FileOutputStream(file);
            try {
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        inputStream.close();
                        fileOutputStream.close();
                        return;
                    }
                    fileOutputStream.write(bArr, 0, read);
                }
            } catch (Throwable th) {
                th = th;
                inputStream.close();
                fileOutputStream.close();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream = null;
        }
    }

    private static boolean a() {
        String str = Build.TAGS;
        return str != null && str.contains("test-keys");
    }

    private static boolean a(Context context, String[] strArr) {
        return b(context, strArr) || h();
    }

    private static void b(Context context) {
        AssetManager assets = context.getAssets();
        boolean contains = Build.CPU_ABI.toLowerCase().contains("arm64-v8");
        String str = contains ? "arm64-v8" : "armeabi-v7";
        String str2 = contains ? "armeabi-v7" : null;
        logInfo(APP_NAME, "Preferred asset = " + str);
        File file = new File(context.getFilesDir(), "libcrypto.so.1.0.0");
        File file2 = new File(context.getFilesDir(), "libssl.so.1.0.0");
        try {
            a(assets.open(str + "a/libcrypto.so.1.0.0"), file);
            a(assets.open(str + "a/libssl.so.1.0.0"), file2);
        } catch (IOException e2) {
            h = false;
            logError(APP_NAME, "Error writing required library to app sandbox.", e2);
        }
        try {
            System.load(file.getAbsolutePath());
            System.load(file2.getAbsolutePath());
        } catch (UnsatisfiedLinkError e3) {
            if (str2 == null) {
                h = false;
                throw new SecurityException("Failed to load OpenSSL libraries: " + e3);
            }
            logInfo(APP_NAME, "Trying alternate asset directory: " + e3);
            try {
                a(assets.open(str2 + "a/libcrypto.so.1.0.0"), file);
                a(assets.open(str2 + "a/libssl.so.1.0.0"), file2);
            } catch (IOException e4) {
                h = false;
                logError(APP_NAME, "Error writing required library to app sandbox.", e4);
            }
            try {
                System.load(file.getAbsolutePath());
                System.load(file2.getAbsolutePath());
            } catch (UnsatisfiedLinkError e5) {
                h = false;
                throw new SecurityException("Failed to load OpenSSL libraries: " + e5);
            }
        }
        Security.insertProviderAt(new OpenSSLProvider(), 1);
        Security.insertProviderAt(new JSSEProvider(), 1);
        Provider[] providers = Security.getProviders();
        if (providers.length < 1 || !OpenSSLProvider.class.equals(providers[0].getClass())) {
            h = false;
            throw new SecurityException("Failed to add OpenSSL FIPS as the first crypto provider.");
        }
        h = true;
    }

    private static boolean b() {
        try {
            for (String str : new String[]{"/system/app/Superuser.apk", "/system/app/SuperSU/SuperSU.apk", "/system/xbin/su", "/system/xbin/supolicy"}) {
                if (new File(str).exists()) {
                    return true;
                }
            }
            String[] c2 = c();
            if (c2 != null && c2.length > 0) {
                for (String str2 : c2) {
                    if (!str2.endsWith("/")) {
                        str2 = str2 + "/";
                    }
                    if (new File(str2 + "su").exists()) {
                        return true;
                    }
                }
            }
        } catch (Exception unused) {
        }
        return false;
    }

    private static boolean b(Context context, String[] strArr) {
        File filesDir = context.getFilesDir();
        for (String str : strArr) {
            if (new File(filesDir, str).exists()) {
                logInfo(APP_NAME, "File exists:" + str);
                return false;
            }
        }
        return true;
    }

    private static void c(Context context) {
        new d(context).execute(new Void[0]);
    }

    private static void c(Context context, String[] strArr) {
        File filesDir = context.getFilesDir();
        for (String str : strArr) {
            if (new File(filesDir, str).exists()) {
                logInfo(APP_NAME, "Start re-encryption:" + str);
                try {
                    a(context);
                    SecretKey b2 = b.b();
                    logDebug(APP_NAME, "Secret key:" + a.a(b2.getEncoded()) + " for file:" + str);
                    logDebug(APP_NAME, "ReEncryption success:" + com.entrust.identityGuard.mobilesc.sdk.crypto.android.c.a(context, str, b2, str.equals(com.entrust.identityGuard.mobilesc.sdk.credential.z.h())) + " for file:" + str);
                } catch (Exception e2) {
                    logError(APP_NAME, "Error re-encrypting files. Data might be cleared", e2);
                }
            }
        }
    }

    private static String[] c() {
        String str = System.getenv("path");
        if (str == null || str.length() <= 0) {
            return null;
        }
        return str.split(":");
    }

    private static void d(Context context) {
        if (isKeyPoolEnabled()) {
            c(context);
        }
        i = new com.entrust.identityGuard.mobilesc.sdk.version.a();
    }

    private static boolean d() {
        return new c().a(e.check_su_binary) != null;
    }

    public static byte[] decryptData(Context context, byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        a(context);
        byte[] bArr2 = new byte[16];
        for (int i2 = 0; i2 < 16; i2++) {
            bArr2[i2] = bArr[i2];
        }
        byte[] bArr3 = new byte[bArr.length - 16];
        for (int i3 = 0; i3 < bArr3.length; i3++) {
            bArr3[i3] = bArr[i3 + 16];
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            try {
                cipher.init(2, b.b(), new IvParameterSpec(bArr2));
                try {
                    return cipher.doFinal(bArr3);
                } catch (BadPaddingException e2) {
                    throw new RuntimeException("Cipher padding not supported: " + e2.toString());
                } catch (IllegalBlockSizeException e3) {
                    throw new RuntimeException("Cipher block size not supported: " + e3.toString());
                }
            } catch (InvalidAlgorithmParameterException e4) {
                throw new RuntimeException("Cipher key not supported: " + e4.toString());
            } catch (InvalidKeyException e5) {
                throw new RuntimeException("Cipher key not supported: " + e5.toString());
            }
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("AES/CBC/PKCS5Padding cipher algorithm not supported");
        } catch (NoSuchPaddingException unused2) {
            throw new RuntimeException("AES/CBC/PKCS5Padding cipher padding not supported");
        }
    }

    public static void disabledKeyPool() {
        f = true;
    }

    private static boolean e() {
        String lowerCase = System.getProperty("os.version").toLowerCase(Locale.getDefault());
        return lowerCase.contains("cyanogenmod") || lowerCase.contains("modaco") || lowerCase.contains("miui");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static byte[] encryptData(Context context, byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        a(context);
        byte[] bArr2 = new byte[16];
        try {
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr2);
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                try {
                    cipher.init(1, b.b(), new IvParameterSpec(bArr2));
                    try {
                        byte[] doFinal = cipher.doFinal(bArr);
                        byte[] bArr3 = new byte[doFinal.length + 16];
                        for (int i2 = 0; i2 < 16; i2++) {
                            bArr3[i2] = bArr2[i2];
                        }
                        for (int i3 = 16; i3 < bArr3.length; i3++) {
                            bArr3[i3] = doFinal[i3 - 16];
                        }
                        return bArr3;
                    } catch (BadPaddingException e2) {
                        throw new RuntimeException("Cipher padding not supported: " + e2.toString());
                    } catch (IllegalBlockSizeException e3) {
                        throw new RuntimeException("Cipher block size not supported: " + e3.toString());
                    }
                } catch (InvalidAlgorithmParameterException e4) {
                    throw new RuntimeException("Cipher key not supported: " + e4.toString());
                } catch (InvalidKeyException e5) {
                    throw new RuntimeException("Cipher key not supported: " + e5.toString());
                }
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("AES/CBC/PKCS5Padding cipher algorithm not supported");
            } catch (NoSuchPaddingException unused2) {
                throw new RuntimeException("AES/CBC/PKCS5Padding cipher padding not supported");
            }
        } catch (NoSuchAlgorithmException unused3) {
            throw new RuntimeException("SHA1PRNG secure random algorithm not supported");
        }
    }

    private static boolean f() {
        String lowerCase = Build.DISPLAY.toLowerCase(Locale.getDefault());
        return lowerCase.contains("cyanogen") || lowerCase.contains("modaco") || lowerCase.contains("miui") || lowerCase.contains("darkforest");
    }

    private static boolean g() {
        int i2 = Build.VERSION.SDK_INT;
        boolean contains = Build.CPU_ABI.toLowerCase().contains("armeabi-v7");
        return (i2 >= 14 && i2 <= 17 && contains) || (i2 == 21 && (contains || Build.CPU_ABI.toLowerCase().contains("arm64-v8")));
    }

    public static String getApplicationVersion() {
        String str = c;
        return str == null ? "2.1.0" : str;
    }

    public static CommCallback getCommCallback() {
        return e;
    }

    public static String getConnectionType() {
        return j;
    }

    public static int getLogLevel() {
        return d;
    }

    public static String getPlatform() {
        return "ANDROID";
    }

    public static String getSdkFullVersion() {
        if (i == null) {
            i = new com.entrust.identityGuard.mobilesc.sdk.version.a();
        }
        return i.b();
    }

    public static String getSdkVersion() {
        if (i == null) {
            i = new com.entrust.identityGuard.mobilesc.sdk.version.a();
        }
        return i.a();
    }

    private static boolean h() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias("SmartCredential")) {
                return false;
            }
            logInfo(APP_NAME, "Found Android Keystore Entry");
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            return false;
        }
    }

    public static boolean hasLoggerBeenConfigured() {
        return a;
    }

    public static void initialize(Context context) {
        e = DefaultCommCallbackImpl.getInstance(context);
        v b2 = v.b();
        if (!b2.a()) {
            com.entrust.identityGuard.mobilesc.sdk.crypto.android.d.a();
            b2.a(true);
        }
        String[] strArr = {com.entrust.identityGuard.mobilesc.sdk.credential.z.h(), SmartCredentialStore.getSmartCredentialStorageFileName(), EntBTSessionOptions.getBTOptionsStorageFileName(), OptionsStore.getOptionsStorageFileName()};
        if (Build.VERSION.SDK_INT >= 26 && !a(context, strArr)) {
            c(context, strArr);
        }
        d(context);
    }

    public static void initializeOpenSslFipsCryptoProvider(Context context) {
        if (Build.VERSION.SDK_INT > 13) {
            b(context);
        }
    }

    public static boolean isActivationOrUsageAllowed(boolean z) {
        return !isDeviceSecure() || z;
    }

    public static boolean isDeviceRooted() {
        boolean a2 = a();
        if (b()) {
            a2 = true;
        }
        if (d()) {
            a2 = true;
        }
        if (e()) {
            a2 = true;
        }
        if (f()) {
            return true;
        }
        return a2;
    }

    @Deprecated
    public static boolean isDeviceSecure() {
        return isDeviceRooted();
    }

    public static boolean isFips140Compliant() {
        return g || (h && g());
    }

    public static boolean isKeyPoolEnabled() {
        return f;
    }

    public static void logDebug(String str, String str2) {
        if (d < 4) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.d(str, str2);
    }

    public static void logError(String str, String str2) {
        if (d < 1) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.a(str, str2);
    }

    public static void logError(String str, String str2, Throwable th) {
        if (d < 1) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.a(str, str2, th);
    }

    public static void logInfo(String str, String str2) {
        if (d < 3) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.c(str, str2);
    }

    public static void logWarning(String str, String str2) {
        if (d < 2) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.b(str, str2);
    }

    public static void logWarning(String str, String str2, Throwable th) {
        if (d < 2) {
            return;
        }
        com.entrust.identityGuard.mobilesc.sdk.util.a.b(str, str2, th);
    }

    public static LaunchUrlParams parseLaunchUrl(Intent intent) {
        LaunchUrlParams launchUrlParams;
        Uri data = intent.getData();
        String scheme = data.getScheme();
        String queryParameter = data.getQueryParameter("action");
        String queryParameter2 = data.getQueryParameter("regurl");
        if (queryParameter == null || queryParameter.trim().equals("")) {
            logWarning(APP_NAME, "Invalid launch URL.");
            return null;
        }
        if (queryParameter.equalsIgnoreCase("otaregister")) {
            String queryParameter3 = data.getQueryParameter("regpwd");
            String queryParameter4 = data.getQueryParameter("name");
            String queryParameter5 = data.getQueryParameter("scid");
            if (queryParameter2 == null || queryParameter2.trim().equals("") || queryParameter3 == null || queryParameter3.trim().equals("") || queryParameter4 == null || queryParameter4.trim().equals("") || queryParameter5 == null || queryParameter5.trim().equals("")) {
                logError(APP_NAME, "Invalid launch URL provided.  At least one parameter is missing.");
                return null;
            }
            if (queryParameter3.length() < 8 || queryParameter3.length() > 32) {
                logError(APP_NAME, "Invalid registration password provided in the activation link.");
                return null;
            }
            if (queryParameter4.length() > 20) {
                queryParameter4 = queryParameter4.substring(0, 17) + "...";
            }
            launchUrlParams = new ActivationLaunchUrlParams();
            ActivationLaunchUrlParams activationLaunchUrlParams = (ActivationLaunchUrlParams) launchUrlParams;
            activationLaunchUrlParams.d(queryParameter3);
            activationLaunchUrlParams.a(queryParameter2);
            activationLaunchUrlParams.c(queryParameter4);
            activationLaunchUrlParams.b(queryParameter5);
        } else if (queryParameter.equalsIgnoreCase("otaupdate")) {
            String queryParameter6 = data.getQueryParameter("regpwd");
            String queryParameter7 = data.getQueryParameter("serialnum");
            String queryParameter8 = data.getQueryParameter("name");
            String queryParameter9 = data.getQueryParameter("scid");
            if (queryParameter2 == null || queryParameter2.trim().equals("") || queryParameter6 == null || queryParameter6.trim().equals("") || queryParameter8 == null || queryParameter8.trim().equals("") || queryParameter9 == null || queryParameter9.trim().equals("") || queryParameter7 == null || queryParameter7.trim().equals("")) {
                logError(APP_NAME, "Invalid launch URL provided.  At least one parameter is missing.");
                return null;
            }
            if (queryParameter6.length() < 8 || queryParameter6.length() > 32) {
                logError(APP_NAME, "Invalid registration password provided in the activation link.");
                return null;
            }
            if (queryParameter8.length() > 20) {
                queryParameter8 = queryParameter8.substring(0, 17) + "...";
            }
            launchUrlParams = new UpdateLaunchUrlParams();
            UpdateLaunchUrlParams updateLaunchUrlParams = (UpdateLaunchUrlParams) launchUrlParams;
            updateLaunchUrlParams.d(queryParameter6);
            updateLaunchUrlParams.a(queryParameter2);
            updateLaunchUrlParams.g(queryParameter7);
            updateLaunchUrlParams.c(queryParameter8);
            updateLaunchUrlParams.b(queryParameter9);
        } else if (queryParameter.equalsIgnoreCase("otwregister")) {
            String queryParameter10 = data.getQueryParameter("serialnum");
            if (queryParameter2 == null || queryParameter2.trim().equals("") || queryParameter10 == null || queryParameter10.trim().equals("")) {
                return null;
            }
            launchUrlParams = new RegisterLaunchUrlParams();
            RegisterLaunchUrlParams registerLaunchUrlParams = (RegisterLaunchUrlParams) launchUrlParams;
            registerLaunchUrlParams.a(queryParameter2);
            registerLaunchUrlParams.b(queryParameter10);
        } else {
            if (queryParameter.equalsIgnoreCase("otasecregister")) {
                String queryParameter11 = data.getQueryParameter("enc");
                String queryParameter12 = data.getQueryParameter("mac");
                if (queryParameter11 == null || queryParameter11.trim().equals("") || queryParameter12 == null || queryParameter12.trim().equals("")) {
                    logWarning(APP_NAME, "Invalid secure launch URL.");
                    return null;
                }
                launchUrlParams = new s();
                s sVar = (s) launchUrlParams;
                sVar.a(queryParameter11);
                sVar.b(queryParameter12);
            } else if (queryParameter.equalsIgnoreCase("otasecupdate")) {
                String queryParameter13 = data.getQueryParameter("enc");
                String queryParameter14 = data.getQueryParameter("mac");
                if (queryParameter13 == null || queryParameter13.trim().equals("") || queryParameter14 == null || queryParameter14.trim().equals("")) {
                    logWarning(APP_NAME, "Invalid secure launch URL.");
                    return null;
                }
                launchUrlParams = new t();
                t tVar = (t) launchUrlParams;
                tVar.a(queryParameter13);
                tVar.b(queryParameter14);
            } else if (queryParameter.equalsIgnoreCase("anonchallenge")) {
                String queryParameter15 = data.getQueryParameter("txnid");
                String queryParameter16 = data.getQueryParameter("apiversion");
                String queryParameter17 = data.getQueryParameter("date");
                String queryParameter18 = data.getQueryParameter("hashalg");
                String queryParameter19 = data.getQueryParameter(ErrorBundle.SUMMARY_ENTRY);
                String queryParameter20 = data.getQueryParameter("status");
                String queryParameter21 = data.getQueryParameter("challenge");
                String queryParameter22 = data.getQueryParameter("provider");
                String queryParameter23 = data.getQueryParameter("appname");
                z zVar = new z();
                z zVar2 = zVar;
                zVar2.a(queryParameter15);
                zVar2.b(queryParameter16);
                zVar2.d(queryParameter23);
                zVar2.i(queryParameter19);
                zVar2.h(queryParameter17);
                zVar2.k(queryParameter18);
                zVar2.c(queryParameter20);
                zVar2.j(queryParameter22);
                zVar2.g(queryParameter21);
                launchUrlParams = zVar;
            } else {
                launchUrlParams = new LaunchUrlParams();
            }
            launchUrlParams.f(queryParameter);
            launchUrlParams.e(scheme);
        }
        launchUrlParams.f(queryParameter);
        launchUrlParams.e(scheme);
        launchUrlParams.a(data);
        return launchUrlParams;
    }

    public static void setApplicationVersion(String str) {
        c = str;
    }

    public static void setCommCallback(CommCallback commCallback) {
        if (commCallback != null) {
            e = commCallback;
        }
    }

    public static void setConnectionType(String str) {
        j = str;
    }

    public static void setFips140Compliant(boolean z) {
        g = z;
    }

    public static void setLogLevel(int i2) {
        d = i2;
    }

    public static void setLoggerConfigured() {
        a = true;
    }
}
